Zscaler’s Jay Chaudhry: Partners Must Embrace Cloud, Zero Trust Security

‘One infected workload can infect thousands of other workloads in the cloud. Then you can try to say, ‘Cloud is bad.’ [But I’d say,] ‘No, it’s not the cloud that’s bad. It’s the network security that’s bad,’’ says Zscaler CEO Jay Chaudhry.

Cloud providers have the resources to ensure customer data is protected in a way that even large enterprises can’t afford to do on their own, said Zscaler CEO Jay Chaudhry.

Businesses must ensure that their cloud services are properly configured to avoid a repeat of the 2019 Capital One breach, where former software engineer Paige Thompson stole the personal data of 106 million credit card applicants via a server side request forgery attack on an AWS server. In response, Chaudhry said Zscaler started offering products that make it easy for customers to assess if their cloud workloads are configured properly.

“Why are we spending billions of dollars on security and still getting hacked?” Chaudhry said during an interview at Best of Breed (BoB) Spring 2021, hosted by CRN parent The Channel Company. “I think it seems like a tough answer, but it’s not. I think we’re getting a false sense of security doing security the way we started doing it 20 years ago.”

[Related: Zscaler Buys Startup Trustdome To Control Cloud Permissions]

Zscaler connects users to an application rather than the network itself to minimize where a machine can go in the event it’s compromised, Chaudhry said. The San Jose, Calif.-based cloud security vendor’s technology allows customers to access both external applications without having to worry about phishing, ransomware, or botnets as well as internal applications without having to turn on VPN, he said.

The company’s Zero Trust Exchange reduces the attack surface and improves a customer’s business risk posture by ensuring that users are only talking to the approved applications, he said. Zscaler wants to take its zero trust approach for connecting users to applications and apply it to communication between workloads, where customers are too often taking a network-based approach to public cloud security.

“One infected workload can infect thousands of other workloads in the cloud,” Chaudhry told CRN. “Then you can try to say, ‘cloud is bad.’ [But I’d say,] ‘No, it’s not the cloud that’s bad. It’s the network security that’s bad.’”

Zscaler for the past decade has primarily seen competition in the web gateway space from appliance vendors like Symantec, Blue Coat, McAfee and Cisco, Chaudhry said. These vendors attempted to build their appliance service in the cloud after seeing Zscaler’s success, but it didn’t work and they went away as competition. Most recently, Chaudhry said firewall vendors have attempted to do the same thing.

“Any of the proxy vendors – the Symantecs of the world, the McAfees of the world – they tried to make cloud work, along with appliances,” Chaudhry said. “And so their message was, ‘I’ll give you the best of both worlds, the best appliance and the best cloud.’ Well, frankly, it was the worst of both worlds.”

As a result, Chaudhry said many folks previously working with legacy appliance vendors switched to Zscaler. Most of the company’s new clients have already tried a cloud version of the appliance vendors, but found that it didn’t work as well in real life as it did in the demo, Chaudhry said.

Cisco declined to comment.

Symantec (which bought Blue Coat) said hybrid is the name of the game for the foreseeable future, and the company’s platform combines a best-in-class on-premises offering with a built-for-the-hyperscale cloud web security service, said Rob Greer, VP and GM, network and information security software division. “We don‘t force customers to compromise; we give our customers best-of-breed choices every step of the way in their journey to the cloud,” Greer said.

McAfee said its leadership in cloud security is well recognized by customers, partners, media and analysts, including Gartner, where the company is a leader in its ‘Magic Quadrant for CASB’ for four years running, according to SVP of Enterprise Customer Success Adam Philpott. McAfee’s average enterprise customer tenure is 17 years, which Philpott said speaks to the value and trust enterprise customers place in the company.

“We’re confident and comfortable to focus on the incredible cloud-native value we offer, as is our growing customer base,” Philpott told CRN in a statement.

Chaudhry said that vendors who try to secure the cloud through containers will encounter obstacles due to the single tenant architecture. Containers are good for developing applications that enterprises need to use, but Chaudhry said they’re not effective for cloud since it would be akin to Salesforce having to separately create and update a virtual machine for each of its 200,000 customers.

“You’ve got to have a multitenant architecture if you want to be a cloud provider,” Chaudhry said. “And that’s what we have done.”

Chaudhry urged partners to move beyond selling boxes and deployment services and embrace the services opportunity around helping customers move to the cloud. Businesses need help with everything from authentication services to policy configuration in the cloud as organizations who previously had traffic in 300 different locations attempt to figure out how to send all of that traffic to the cloud, he said.

“No matter how smart you are, you can’t take a mediocre product and be successful with it,” Chaudhry said. “You shouldn’t have to sell the product; the product should sell itself. You should be adding value and delivering around it.”

Black Lake Security provides implementation, maintenance and support services for larger accounts deploying Zscaler, and will even send its engineers to customer sites for an extended period when deploying the technology into 60,000-person environments, according to Mark Jones, CEO of the Austin-based Zscaler partner, No. 291 on the 2020 CRN Solution Provider 500.

“We make great margins on the software, and we make even greater margins on the services,” Jones told CRN. “Jay [Chaudhry] understands the world that we live in.”

Many Black Lake customers had already been using Zscaler at the start of the pandemic, but Jones said they were looking to dramatically scale up their deployments so that people who used to sit behind a corporate firewall could now securely access applications and workloads in the cloud. Getting traffic moved over to Zscaler was straightforward, and didn’t result in the bandwidth issues seen with firewalls.

“Jay [Chaudhry] was a visionary, and he was able to see the need for a product like this,” Jones said. “It takes a lot of work out from under the customer IT teams to get secure access to users.”